Hi Marvin, 

Yes, ip address and default-gateway are setup already. I will ask my team to confirm this and send the screenshot for you.

Thanks!

During the sourcefire config process you're prompted to apply the IP and gateway to the management interface.  Why they ask that boggles my mind, the module won't work unless you select yes and apply to the managment interface.

from the module paste the output of show network and show interfaces

They ask that because the FirePOWER module has its own independent routing table (albeit a very basic one) apart from the base ASA.

Yeah I knew about the bridged routing between module and ASA ( a basic verison of how the old 6500 switches with routing modules worked) my point was why ask to apply it as the module will not work without applying the routing to the management interface of the ASA should just auto apply that. I can see many engineers thinking at first glance no I want to reserve management interface for management (go figure right lol)

As for s.lachica a show network and show interfaces from the module CLI will answer just about all our questions.

Actually the base ASA management interface can be configured "no ip address" (and of course "no route management ___" while the FirePOWER module is configured with an address and gateway.

You can use the physical interface for ASA management also but only if it is in the same subnet as the FirePOWER module.

If you're only using the management interface for FirePOWER you can even use the ASA inside interface as the gateway - something you cannot do when you're also using the m0/0 interface for ASA management.

I think of them as two VMs on a hypervisor each with a virtual NIC that maps to the physical m0/0. Only difference is it's not quite as smart as you cannot tag the frames and direct them onto distinct subnets.

One thing coming in the next ASA release will be an actual separate routing table for the management interface on the ASA itself. (pause for applause ;) )

Yes, I have our management interface configured no ip address but it was of little concern as we don't use that interface for management of the boxes. The config script that runs on the module is rather vague and I'm guessing the OP or one of his team configured the IP address and gateway and did not apply it to the management interface. I heard you didnt have to use the management interface for communication to Firesight but I never really chased it down as it was a non issue for us.

Hi bufycisco77,

Reimage the SFR on the cisco ASA. This resolved our issue last time. Search for the procedure of it in cisco.com, the key command is "recover".

Good luck!

Sonny

Hi Sonny,

yes, I did that. Also I have installed never image 5.4. before it was on 5.3.

And it is all good now.

Thanks

Martin